Source: http://www.stls.org/it/documents/Computer%20Security%20PPT.pdf (html rendering of the PDF)

Page 1
www.lrkimball.com - infosec@lrkimball.com - 412-201-4900

PRESENTATION TO: Southern Tier Library System

Funded through Federal Library Services and Technology Act Funds, Awarded to the New York State Library by the Federal Institute of Museum and Library Services. Administered by the Southern Tier Library System.

Page 2

Today's Workshop
I. Introduction: Headlines, Paradox & Challenge
II. Information Security Attacks and Hackers
III. Types of Computer and Network Attacks
IV. Countermeasures (Personnel and Technology)
V. Miscellaneous Tips
VI. Discussion and Conclusion
Page 3

Section I
Headlines, Paradox and Challenges
Page 4

What is Information Security?
The concepts, techniques, technical measures, and administrative measures used to protect information assets from deliberate or inadvertent unauthorized acquisition, damage, disclosure, manipulation, modification, loss, or use.
Page 5

Who are the Hackers?
- 33% of hackers are internal to the site hacked, i.e. disgruntled employees
- The external hacker community is comprised of two groups:
  - Benevolent Hackers: tend to use their talents to increase the level of expertise and awareness of Information Security
  - Malicious Hackers: main purpose is to disrupt, steal, or damage data and information, whether at rest or in transit
- 96% of external hackers are males between 16 and 24
Percentages compiled by the FBI, 2002
Page 6

Section III
Types of Computer Attacks
Page 7

Types of attacks
- Denial of Service (DoS) Attacks
- Website Defacement
- Viruses and Worms
- Data Sniffing and Spoofing
- Unauthorized Access
- Malicious Code and Trojans
- Port-scanning and Probing
- Wireless Attacks
Page 8

Website Defacement
- Increasing tremendously: experts no longer keep records of defaced sites because they could not keep up
- 60% of larger U.S. businesses expect to be attacked next year, yet only 45% are prepared to respond
- The attacker probes web services through a normal Internet connection
- The attacker modifies HTML or JAVA code, which changes the website or web storefront
- Conducted using free “hacking” software easily downloaded from the Internet
Page 9

Viruses and Worms
- Well over 10,000 viruses and worms
- Computer Virus
  - Simply a string of malicious “code” that requires a host to infect
  - Requires user interaction to infect
  - Infects user files and directories
  - E-mail file attachments are a major source of spreading
  - e.g. “Melissa” and “I Love You”
- Computer Worm
  - A virus with enough malicious “code” to replicate itself without the need of a host
  - Penetrates hosts and slows network traffic
  - e.g. “Code Red” and “Nimda”
Page 10

Data Sniffing and Spoofing
- Sniffing
  - Data packets are intercepted in transit by various freely available software programs
  - Attackers are normally undetected
  - Typical services that are sniffed are TELNET, FTP, and SMTP (e-mail) packets, if unencrypted
- Spoofing
  - Acting on behalf of another person or entity
  - Data packets can be actively sniffed and modified to carry a false (random) source
  - Attacks routinely occur from spoofed sources to hide the original identity
Page 11

Unauthorized Access
- Can be accomplished over any connection to a computer or network using most services (TELNET, FTP, HTTP, Web, E-mail, etc.)
- Must somehow compromise authentication (password, token, PIN, smart card) to gain access
- Once access is gained, malicious activity can occur
- Unless internal auditing and access control are implemented, access can go undetected for years
Page 12

Malicious Code and Trojans (Backdoors)
- Malicious Code
  - Can take many forms
  - Unauthorized code that has been introduced to an Operating System (OS)
  - Programs that outwardly appear harmless, however have hostile code built in
- Trojans (Backdoors)
  - Users may install programs that contain Trojans embedded within the code, hidden from the user
  - Many well-known computer games contain Trojans that allow remote users to gain access
  - Permit an attacker to access resources on the target, i.e. a computer or server
Page 13

Port-scanning and Probing
- Port-scanning
  - Technique that identifies vulnerable network ports or services (e.g. TELNET, FTP, E-mail, Web, etc.)
  - Works by identifying as many targets as possible and tracking the ones that are receptive
  - Scanning software is free and commonly accessible via the web
- Probing
  - Once vulnerable ports are identified, the port can be probed with malicious intent
  - Probing software is free and commonly accessible via the web
Page 14

Wireless Attacks
- The Wired Equivalent Privacy (WEP) protocol cannot be trusted for security
- Attackers can easily eavesdrop on or spoof wireless traffic
- Hackers external to your building may be able to intercept and view all of your wireless traffic, despite encryption
- Hacker tools are free and easily accessible via the web: AirSnort, WEPCrack, THC-RUT
Page 15

Section IV
Countermeasures – Personnel and Technology
Page 16

Countermeasures
- Personnel
  - Security Policy and Procedures
  - Training and Awareness
  - Physical Security
  - Dedicated Management
- Technology
  - Firewalls
  - Intrusion Detection
  - Virus Protection
  - Authentication and Authorization
  - Encryption
  - Auditing and Assessment (Third Party)
  - Data and Information Backup
Page 17

Personnel – Security Policy and Procedures
- Information Security Policies are the foundation, the bottom line, of information security within an organization
  - Ensure that they are comprehensive enough
  - Ensure that they are always up to date
  - Ensure they are complete
  - Ensure they are delivered effectively and available to all staff
- Having a Security Policy document in itself is not enough: the contents MUST be implemented to be effective
- Security Policy is the bedrock for auditing, assessment, controls, training, and legislation within an organization
- Will mitigate the following attacks:
  - Internal attacks (i.e. disgruntled employees)
Page 18

Personnel – Training and Awareness
- Staff members play a critical role in protecting the integrity, confidentiality, and availability of IT systems and networks
- Training in security awareness and accepted computer practices should be mandatory for all staff
- Initial security training, followed by annual refresher training
- Awareness should be ongoing through:
  - Promotional trinkets
  - Motivational slogans
  - Videotapes
  - Posters and flyers
- Will mitigate the following attacks:
  - Internal attacks (i.e. disgruntled employees)
Page 19

Personnel – Physical Security
- Organizations should define physical security zones and implement appropriate preventative and detective controls in each zone to protect against the risks of:
  - Physical penetration by malicious or unauthorized people
  - Damage from environmental contaminants, and
  - Electronic penetration through active or passive electronic emissions
- Will mitigate the following attacks:
  - Internal attacks (i.e. disgruntled employees)
Page 20

Personnel – Dedicated Management
- Organizations need to demonstrate that they have Information Security controls in place through dedicated staff
- Provide the framework to initiate, implement, maintain, and manage Information Security
- Single Point of Contact for:
  - Training and Awareness
  - Policies and Procedures
  - Physical Security Controls
  - Technical Security Controls
  - Administrative Security Controls
- Will mitigate the following attacks:
  - Internal attacks (i.e. disgruntled employees)
Page 21

Technology – Firewalls
- A system or group of systems that enforces a network access control policy
- Filters data packets going in and out of the intended target
- Strength relies on configuration
- Governs the flow of data into and out of a Local Area Network
- Separates a private network (LAN) from the public Internet
- Will mitigate the following attacks:
  - Denial of Service (DoS) attacks
  - Unauthorized Access
  - Port-scanning and Probing
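The slide's point that a firewall's strength "relies on configuration" is easiest to see by running the same traffic through two rule sets. The following is an added example (not code from the presentation or from L.R. Kimball): a stateless first-match packet filter with a default deny. The rule and packet formats, the LAN 192.168.1.0/24, the web server address and all sample packets are constructed for illustration.

```python
"""Stateless packet filter with first-match rules and a default deny.

Added example, not code from the presentation. The rule and packet formats,
the network 192.168.1.0/24 and all sample traffic are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

LAN = "192.168.1.0/24"            # constructed private network behind the firewall
WEB_SERVER = "192.168.1.10/32"    # constructed public web server inside the LAN


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" = Internet -> LAN, "out" = LAN -> Internet
    proto: str                # "tcp", "udp" or "icmp"
    src: str                  # source IP address
    dst: str                  # destination IP address
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"    # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"    # CIDR the destination address must fall in
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule decides; a packet no rule mentions is dropped.

    The default deny is what makes the policy enforceable: ports and services
    nobody explicitly opened are simply unreachable from outside."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


# Weak configuration: a firewall is installed, but one catch-all rule lets
# everything through, so it enforces no policy at all.
PERMISSIVE: List[Rule] = [Rule("allow")]

# Tighter configuration: staff may browse the web and send mail outbound; from
# the Internet only the web server is reachable, and only on 80 and 443.
# Inbound TELNET, FTP and anything aimed at workstations hits the default deny.
RESTRICTIVE: List[Rule] = [
    Rule("allow", "out", "tcp", src=LAN, dport=80),
    Rule("allow", "out", "tcp", src=LAN, dport=443),
    Rule("allow", "out", "tcp", src=LAN, dport=25),
    Rule("allow", "in", "tcp", dst=WEB_SERVER, dport=80),
    Rule("allow", "in", "tcp", dst=WEB_SERVER, dport=443),
]

# Constructed sample traffic (203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for Internet hosts).
SAMPLE: Dict[str, Packet] = {
    "staff_browsing":   Packet("out", "tcp", "192.168.1.55", "203.0.113.7", 443),
    "inbound_web":      Packet("in", "tcp", "198.51.100.9", "192.168.1.10", 80),
    "inbound_telnet":   Packet("in", "tcp", "198.51.100.9", "192.168.1.10", 23),
    "scan_workstation": Packet("in", "tcp", "198.51.100.9", "192.168.1.55", 80),
}


def decisions(rules: List[Rule]) -> Dict[str, str]:
    """Run every sample packet through one rule set and report the verdicts."""
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for label, rules in (("permissive", PERMISSIVE), ("restrictive", RESTRICTIVE)):
        print(label, decisions(rules))
```

With the permissive rule set every sample packet is allowed, including an inbound TELNET connection and a probe of a workstation; with the restrictive set those two fall through to the default deny while staff browsing and inbound web traffic still pass. That difference, not the presence of the firewall, is what blocks the port-scanning and unauthorized-access attacks listed on the slide.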
Page 22

Technology – Intrusion Detection Systems
- Complements firewalls to detect whether internal assets are being hacked or exploited
- Network-based Intrusion Detection
  - Monitors real-time network traffic for malicious activity
  - Similar to a network sniffer
  - Sends alarms for network traffic that matches certain attack patterns or signatures
- Host-based Intrusion Detection
  - Monitors computer or server files for anomalies
  - Sends alarms for network traffic that matches a predetermined attack signature
- Will mitigate the following attacks:
  - Denial of Service (DoS) attacks
  - Website Defacements
  - Malicious Code and Trojans
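To make the two halves of this slide concrete, here is an added example (not from the presentation): a signature matcher of the network-based kind, run over constructed web server log lines, and a file-integrity check of the host-based kind that flags modified, added or removed files against a trusted baseline, which is how a defaced home page or a dropped Trojan shows up as an "anomaly". The three signatures, the log lines, the file paths and their contents are all constructed for this example; a real sensor carries thousands of maintained rules. One caveat the example handles: the request is URL-decoded before matching, because a literal pattern applied to the raw line would miss an encoded payload.

```python
"""Network-based signature matching and host-based file integrity checking.

Added example, not code from the presentation. Signatures, log lines, file
paths and contents are constructed."""
import hashlib
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Network IDS signatures as (name, pattern). Stand-ins for a real rule set.
SIGNATURES = [
    ("directory traversal", re.compile(r"\.\./")),
    ("script injection", re.compile(r"<script", re.IGNORECASE)),
    ("sql injection", re.compile(r"union\s+select", re.IGNORECASE)),
]

# Constructed access log in common log format, one request per line.
ACCESS_LOG = """\
203.0.113.7 - - [10/Mar/2003:09:12:01 -0500] "GET /index.html HTTP/1.0" 200 1043
203.0.113.7 - - [10/Mar/2003:09:12:02 -0500] "GET /catalog/../../etc/passwd HTTP/1.0" 404 210
198.51.100.9 - - [10/Mar/2003:09:15:44 -0500] "GET /search?q=<script>alert(1)</script> HTTP/1.0" 200 512
192.168.1.55 - - [10/Mar/2003:09:20:10 -0500] "GET /hours.html HTTP/1.0" 200 877
198.51.100.9 - - [10/Mar/2003:09:22:31 -0500] "GET /item?id=1%20UNION%20SELECT%20name,pass%20FROM%20users HTTP/1.0" 500 96
"""

REQUEST_PATH = re.compile(r'"[A-Z]+ (\S+) ')


def scan_network_log(log: str) -> List[Tuple[str, str]]:
    """Return (source_ip, signature) for every line that hits a signature.

    The request is URL-decoded before matching: the last log line carries its
    payload as %20-encoded text, and a literal pattern applied to the raw line
    would never see 'UNION SELECT'."""
    alarms: List[Tuple[str, str]] = []
    for line in log.splitlines():
        if not line.strip():
            continue
        source = line.split()[0]
        m = REQUEST_PATH.search(line)
        request = unquote(m.group(1)) if m else line
        for name, pattern in SIGNATURES:
            if pattern.search(request):
                alarms.append((source, name))
    return alarms


def fingerprint(files: Dict[str, bytes]) -> Dict[str, str]:
    """SHA-256 of every file's content, keyed by path; this is the baseline a
    host-based IDS records while the system is known to be clean."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def check_host(baseline: Dict[str, str], current: Dict[str, bytes]) -> List[str]:
    """Paths whose content no longer matches the baseline, plus files that
    appeared or disappeared since it was taken."""
    now = fingerprint(current)
    removed = [p for p in baseline if p not in now]
    added = [p for p in now if p not in baseline]
    modified = [p for p in baseline if p in now and now[p] != baseline[p]]
    return sorted(removed + added + modified)


# Constructed "clean" snapshot of two files, and a later snapshot in which the
# home page has been defaced and an unexpected file has appeared.
TRUSTED_FILES = {
    "/var/www/index.html": b"<h1>Library hours: 9-5</h1>",
    "/bin/login": b"\x7fELF original binary",
}
BASELINE = fingerprint(TRUSTED_FILES)
OBSERVED_FILES = {
    "/var/www/index.html": b"<h1>Defaced</h1>",
    "/bin/login": b"\x7fELF original binary",
    "/tmp/.hidden": b"dropped file",
}

if __name__ == "__main__":
    print("network alarms:", scan_network_log(ACCESS_LOG))
    print("host anomalies:", check_host(BASELINE, OBSERVED_FILES))
```

The network scan raises three alarms (the traversal attempt, the script injection and the encoded SQL injection) and stays quiet on the two ordinary requests; the host check reports the defaced page and the new file while the unchanged binary passes. Each alarm carries the source address so it can be correlated with the firewall's logs.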
Page 23

Technology – Virus Protection
- Software should be installed on all network servers, as well as computers
- Shall include the latest versions, as well as signature files (detected viruses)
- Should screen all software coming into your computer or network system (files, attachments, programs, etc.)
- Will mitigate the following attacks:
  - Viruses and Worms
  - Malicious Code and Trojans
Page 24

Technology – Authentication and Authorization
- Authentication
  - Comes in three forms: what you have, know, or are
    - Have: smartcard, token
    - Know: password or PIN
    - Are: fingerprint, retina scan
  - Two-factor authentication is the strongest: two out of the three listed means (e.g. an ATM card)
  - Password (most common)
    - Should be at least 8 mixed characters and numbers
    - Should be changed at least every 90 days
    - Should have a timeout of 3 attempts
- Authorization
  - What an individual has access to once authenticated
- Will mitigate the following attacks:
  - Unauthorized access
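The three password rules on this slide, together with the auditing point from the Unauthorized Access slide (access going undetected for years where no auditing exists), fit in one small login routine. What follows is an added example, not code from the presentation: a policy check for new passwords, an account store, a login function that locks the account after 3 failures and reports a correct but 90-day-old password as expired, and an audit log of every attempt. Storing a salted PBKDF2 hash instead of the password itself is this example's assumption (the slides say nothing about storage), as are the account names, passwords and the date used as "today".

```python
"""Password policy, account lockout and an audit trail.

Added example, not code from the presentation. Hashing with PBKDF2, the
account names, passwords and DEMO_TODAY are assumptions of this example."""
import hashlib
import hmac
import os
from datetime import date, timedelta
from typing import Dict, List, Tuple

MIN_LENGTH = 8                     # slide: at least 8 mixed characters and numbers
MAX_AGE_DAYS = 90                  # slide: changed at least every 90 days
MAX_FAILURES = 3                   # slide: timeout after 3 attempts
DEMO_TODAY = date(2003, 3, 10)     # constructed "now" for the walk-through


def policy_violations(password: str) -> List[str]:
    """Every way the password falls short of the rule; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("not mixed case")
    return problems


class Account:
    def __init__(self, username: str, password: str, set_on: date):
        if policy_violations(password):
            raise ValueError(f"password rejected: {policy_violations(password)}")
        self.username = username
        self.salt = os.urandom(16)
        self.digest = self._derive(password)  # never the password itself
        self.set_on = set_on                  # when the password was last changed
        self.failures = 0
        self.locked = False

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def verify(self, password: str) -> bool:
        return hmac.compare_digest(self._derive(password), self.digest)


class Authenticator:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.audit_log: List[Tuple[date, str, str]] = []   # (when, user, outcome)

    def add(self, account: Account) -> None:
        self.accounts[account.username] = account

    def login(self, username: str, password: str, today: date) -> str:
        """Outcome is one of ok, expired, locked, denied. Every attempt is
        logged, which is what lets unauthorized access be noticed instead of
        sitting undetected for years."""
        outcome = self._decide(username, password, today)
        self.audit_log.append((today, username, outcome))
        return outcome

    def _decide(self, username: str, password: str, today: date) -> str:
        account = self.accounts.get(username)
        if account is None:
            return "denied"                   # same answer as a wrong password
        if account.locked:
            return "locked"
        if not account.verify(password):
            account.failures += 1
            if account.failures >= MAX_FAILURES:
                account.locked = True         # the 3-attempt timeout
            return "denied"
        account.failures = 0
        if (today - account.set_on).days > MAX_AGE_DAYS:
            return "expired"                  # right password, but older than 90 days
        return "ok"


def build_demo() -> Authenticator:
    """Two constructed accounts: one recent password, one 120 days old."""
    auth = Authenticator()
    auth.add(Account("jdoe", "Libr4ry2003", DEMO_TODAY - timedelta(days=10)))
    auth.add(Account("mlee", "St4cksRoom7", DEMO_TODAY - timedelta(days=120)))
    return auth


if __name__ == "__main__":
    auth = build_demo()
    for user, pw in [("jdoe", "guess1"), ("jdoe", "guess2"), ("jdoe", "guess3"),
                     ("jdoe", "Libr4ry2003"), ("mlee", "St4cksRoom7")]:
        print(user, auth.login(user, pw, DEMO_TODAY))
    print(auth.audit_log)
```

Three wrong guesses for jdoe lock the account, so the fourth attempt is refused even though it carries the right password; mlee's correct password is reported as expired because it is older than 90 days. An unknown user gets the same "denied" answer as a wrong password, so the login prompt does not reveal which usernames exist, and the audit log records every one of these outcomes for later review.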
Page 25

Technology – Encryption
- Protects data in transit or stored on disk
- The act of enciphering and deciphering data through the use of shared software keys; data cannot be accessed without the appropriate software keys
- Common uses of encryption include the following technologies:
  - Virtual Private Networking (VPN): used to secure data transfer across the Internet
  - Secure Sockets Layer (SSL): used to secure client-to-server web-based transactions
  - S/MIME: used to secure e-mail transactions
  - Wired Equivalent Privacy (WEP) protocol: used to secure wireless transactions
- Will mitigate the following attacks:
  - Data sniffing and spoofing
  - Wireless attacks
Page 26

Technology – Assessment and Auditing
- Assessment (Risk and Vulnerability)
  - Process by which an organization identifies what needs to be done to achieve sufficient security
  - Involves identifying and analyzing threats, vulnerabilities, attacks, and corrective actions
  - Key driver in the Information Security process
  - Should be conducted by a third party
  - Includes manual and automated (vulnerability scanner) methods
- Auditing
  - Compares the state of a network or system against a set of standards or policy
- Will mitigate the following attacks:
  - Identifies weaknesses and vulnerabilities that address all of the attacks mentioned
Page 27

Technology – Data and Information Backups
- Must-have for disaster recovery and business continuity
- Should include daily and periodic (weekly) backups
- Should be stored off-site, at least 20 miles away from the geographic location, and have 24x7 access
- Should be kept for at least 30 days while rotating the stockpile
- Will mitigate the following attacks:
  - Used to respond to and replace information that is compromised by all the attacks mentioned
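The slide's backup rules (nightly plus weekly, kept at least 30 days, an off-site copy at least 20 miles away) are the kind of policy that quietly drifts unless something checks it. The following is an added example, not code from the presentation: it decides which media are still inside the 30-day window and which may be rotated back into use, and it audits the history for missed nights, for storage sites closer than 20 miles to the primary site, and for the presence of any off-site copy at all. The backup history, the site names, the coordinates (a primary site near Corning, NY and a vault near Ithaca, NY) and the date used as "today" are all constructed for this example.

```python
"""Backup retention and off-site checks.

Added example, not code from the presentation. The backup history, sites,
coordinates and DEMO_TODAY are constructed."""
from dataclasses import dataclass
from datetime import date, timedelta
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Tuple

RETENTION_DAYS = 30            # slide: kept for at least 30 days
MIN_OFFSITE_MILES = 20.0       # slide: stored at least 20 miles away
EARTH_RADIUS_MILES = 3958.8
DEMO_TODAY = date(2003, 3, 10)  # constructed "now"
PRIMARY_SITE = (42.14, -77.05)  # constructed coordinates of the library


@dataclass(frozen=True)
class Backup:
    taken: date
    kind: str          # "daily" or "weekly"
    site: str          # where the media is kept
    lat: float         # storage site coordinates, used for the distance check
    lon: float


def miles_between(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance via the haversine formula."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * asin(sqrt(a))


def sample_backups(today: date) -> List[Backup]:
    """Constructed history: nightly tapes in the on-site closet for 40 days,
    two nights missed, and a weekly copy sent to the distant vault on Sundays."""
    history: List[Backup] = []
    for age in range(40):
        day = today - timedelta(days=age)
        if age in (1, 3):                     # the missed nights
            continue
        history.append(Backup(day, "daily", "library-closet", 42.14, -77.05))
        if day.weekday() == 6:                # Sunday
            history.append(Backup(day, "weekly", "vault-ithaca", 42.44, -76.50))
    return history


def prune(backups: List[Backup], today: date) -> Tuple[List[Backup], List[Backup]]:
    """Split the stockpile into media still inside the retention window and
    media old enough to be rotated back into use."""
    keep = [b for b in backups if (today - b.taken).days <= RETENTION_DAYS]
    expire = [b for b in backups if (today - b.taken).days > RETENTION_DAYS]
    return keep, expire


def audit(backups: List[Backup], today: date, primary: Tuple[float, float]) -> Dict[str, object]:
    """Findings to raise before a disaster forces the question: days in the
    window with no nightly backup (as ISO dates), storage sites closer than
    20 miles to the primary site, and whether any off-site copy exists."""
    window = [b for b in backups if (today - b.taken).days < RETENTION_DAYS]
    daily_days = {b.taken for b in window if b.kind == "daily"}
    missing = [(today - timedelta(days=age)).isoformat() for age in range(RETENTION_DAYS)
               if today - timedelta(days=age) not in daily_days]
    distance = {b.site: miles_between(primary[0], primary[1], b.lat, b.lon) for b in window}
    return {
        "missing_daily": missing,
        "sites_too_close": sorted(s for s, d in distance.items() if d < MIN_OFFSITE_MILES),
        "offsite_copy_present": any(d >= MIN_OFFSITE_MILES for d in distance.values()),
    }


if __name__ == "__main__":
    history = sample_backups(DEMO_TODAY)
    keep, expire = prune(history, DEMO_TODAY)
    print(f"{len(keep)} kept, {len(expire)} rotated out")
    print(audit(history, DEMO_TODAY, PRIMARY_SITE))
```

On the constructed history the audit reports the two missed nights, flags the on-site closet as far too close to count as off-site, and confirms that the weekly vault copies satisfy the 20-mile rule; anything older than 30 days is listed for rotation while everything inside the window is kept. The same three checks, run nightly against a real backup catalogue, turn the slide's policy into something that fails loudly rather than silently.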
Page 28

Section V
Miscellaneous Tips
Page 29

Miscellaneous Tips
- Perform a Vulnerability Assessment
  - Provided by a third-party consultant
- Use anti-virus software
  - Should be present on every server and computer
  - Consider extending the license for home use
  - Get virus updates regularly
- Install a firewall
  - Block unused services, ports, and protocols
- Teach all users “Safe Internet Skills”
- Use strong authentication (8-character password, token, smartcard, strong PIN)
- Use encryption (VPN, secure e-mail, etc.) for sensitive information
Page 30

Section VI
Discussion and Conclusion
